Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
File:                     fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa (raw, json)
Hash identifier:          pPCoSXvjuRLGwAXkCcSULiNhpRZRO4DT7Bzv3v03Rlg=
Subject key identifier:   47:84:4C:42:F7:58:CB:80:4A:02:41:87:BA:45:D9:3A:50:F7:B5:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4641BE893A8C215109D05B563B813439C892C962
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa
Signing time:             Fri 26 Sep 2025 00:22:52 +0000
ROA not before:           Fri 26 Sep 2025 00:22:52 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:5000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:41:be:89:3a:8c:21:51:09:d0:5b:56:3b:81:34:39:c8:92:c9:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:22:52 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=a1c39ec4ae4cd83c5fe6bdc63dd3013007469b9ef7046942eb36c999c5f01a5d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:af:1b:77:47:b5:10:d4:68:76:cf:bc:e9:da:
                    f0:0f:ff:51:37:59:14:bd:34:4a:7b:50:d0:1f:f8:
                    70:d0:f9:08:c7:b3:58:a5:08:18:4c:d3:5a:5e:30:
                    f8:fa:de:33:46:d2:3b:a4:44:24:21:83:0c:f1:11:
                    21:5b:d3:dd:f5:c7:9b:89:99:29:6f:d8:05:83:14:
                    9b:8c:4c:d0:50:6b:5e:43:7c:2c:d8:7f:25:ea:d5:
                    ee:05:5e:b6:0d:8d:66:09:ee:7a:97:e8:d1:51:c9:
                    ee:ee:ec:8a:63:f2:ec:4e:de:c9:17:7d:76:fc:1f:
                    6d:68:c8:0f:6e:72:33:b3:f6:ba:fd:d4:77:20:bd:
                    a9:fa:e5:f5:72:9d:ab:4a:c8:58:89:42:17:4e:d1:
                    3b:76:47:cb:23:29:48:f7:fa:1a:96:b8:26:43:46:
                    79:f6:1e:ee:79:4d:ac:93:d5:3f:c6:82:24:7b:47:
                    76:c5:8c:04:0a:ad:5e:43:cf:4b:a0:47:e0:a1:08:
                    f1:31:e7:64:1b:93:b5:6b:70:de:67:bd:f2:fe:40:
                    26:49:4d:2b:43:8a:26:68:f2:0e:7c:a0:b9:99:71:
                    4b:78:0f:f1:0a:44:79:0b:be:69:3f:d8:42:89:5f:
                    da:7c:a9:b7:aa:7b:2f:b5:bc:9c:8c:68:b0:12:f8:
                    b6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:84:4C:42:F7:58:CB:80:4A:02:41:87:BA:45:D9:3A:50:F7:B5:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb576ea7-72d9-4eae-aee5-e61e6981de1e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:9a:b9:ab:f8:6c:9b:87:df:c5:5e:36:db:84:85:73:5f:6f:
         ea:1d:ef:d9:08:12:32:e8:d4:99:cf:32:0e:9c:a3:b1:1b:98:
         78:54:b1:a5:47:68:d9:30:35:33:fb:ab:b3:7a:18:09:0e:02:
         f8:03:1c:5e:90:54:16:30:5b:2b:db:51:dd:76:5e:e6:43:00:
         7e:d7:8b:79:67:54:46:46:a4:5c:9d:4c:b1:ce:95:58:7e:a9:
         a9:18:65:a8:c7:c2:7b:49:c5:bd:91:f8:a4:01:f8:25:20:5e:
         26:e6:73:cf:8f:71:f7:b6:8c:7b:7b:ab:02:53:d4:4f:3b:4e:
         47:00:b7:c4:9e:2d:67:cb:9a:7d:09:7f:25:2c:57:63:df:4e:
         a6:87:4c:0b:ea:9b:de:ec:5b:65:b0:f0:0f:df:61:9b:e0:53:
         b5:fa:c1:61:8e:a6:47:07:f5:5e:21:73:bb:60:60:f3:94:e0:
         37:dd:cd:bf:0e:c7:48:7f:05:57:ca:b9:da:54:ea:94:1c:02:
         b8:a7:8f:73:e1:2f:4e:4a:ae:d5:38:59:ad:c4:ea:e8:64:62:
         e8:f8:48:be:8a:fa:04:47:b0:82:bf:20:86:dd:2a:db:3e:36:
         2c:69:7c:0d:0c:ef:89:9d:ad:46:cc:04:f1:04:ee:2f:ab:b3:
         88:2d:a1:e5
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURkG+iTqMIVEJ0FtWO4E0OciSyWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAyMjUyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWMzOWVjNGFlNGNkODNjNWZlNmJkYzYzZGQzMDEzMDA3
NDY5YjllZjcwNDY5NDJlYjM2Yzk5OWM1ZjAxYTVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMrxt3R7UQ1Gh2z7zp2vAP/1E3WRS9NEp7UNAf+HDQ+QjH
s1ilCBhM01peMPj63jNG0jukRCQhgwzxESFb0931x5uJmSlv2AWDFJuMTNBQa15D
fCzYfyXq1e4FXrYNjWYJ7nqX6NFRye7u7Ipj8uxO3skXfXb8H21oyA9ucjOz9rr9
1Hcgvan65fVynatKyFiJQhdO0Tt2R8sjKUj3+hqWuCZDRnn2Hu55TayT1T/GgiR7
R3bFjAQKrV5Dz0ugR+ChCPEx52Qbk7VrcN5nvfL+QCZJTStDiiZo8g58oLmZcUt4
D/EKRHkLvmk/2EKJX9p8qbeqey+1vJyMaLAS+LZfAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUR4RMQvdYy4BKAkGHukXZOlD3tUwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiNTc2ZWE3LTcyZDktNGVhZS1hZWU1LWU2MWU2OTgxZGUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gUDANBgkqhkiG9w0BAQsFAAOCAQEAaJq5q/hsm4ffxV4224SFc19v
6h3v2QgSMujUmc8yDpyjsRuYeFSxpUdo2TA1M/urs3oYCQ4C+AMcXpBUFjBbK9tR
3XZe5kMAfteLeWdURkakXJ1Msc6VWH6pqRhlqMfCe0nFvZH4pAH4JSBeJuZzz49x
97aMe3urAlPUTztORwC3xJ4tZ8uafQl/JSxXY99OpodMC+qb3uxbZbDwD99hm+BT
tfrBYY6mRwf1XiFzu2Bg85TgN93Nvw7HSH8FV8q52lTqlBwCuKePc+EvTkqu1ThZ
rcTq6GRi6PhIvor6BEewgr8ght0q2z42LGl8DQzviZ2tRswE8QTuL6uziC2h5Q==
-----END CERTIFICATE-----